# Welcome to the WRCCDC Archive!
**This is a public resource for the improvement of students and professionals alike.** We have released full Virtual Machine images and packet captures. **We hope everyone enjoys these resources**, and if you have issues downloading these resources you may contact us at . However, **we cannot provide support for using these resources.** Also, if you discover something interesting, cool, or fun: please email us!
This server is completely static! We use [nginx](https://www.nginx.com/) with [NGINX Fancy Index Theme](https://github.com/Naereen/Nginx-Fancyindex-Theme). In addition, we use [goaccess](https://goaccess.io/) to monitor traffic and popularity of resources. We would like to thank all these open source software projects for making some amazing software!
### **Using the Packet Captures (PCAPS):**
All our captures contain full traffic from the competition network. It is being freely released for everyone to look at!
- All the PCAP files are grouped by date and are at most 500MB each.
- During competition time, the captures are streamed for the entirety of the competition weekend, including times when competitors are not on the systems.
- You'll need a tool like [Network Miner](http://www.netresec.com/?page=NetworkMiner) or [Wireshark](https://www.wireshark.org/) to view them. Both support reading multiple PCAP files at once.
- [PacketTotal](https://www.packettotal.com/) is a good resource to gain experience analyzing the traffic. If you want to analyze them yourself, use [Bro](https://www.bro.org/) as it can process packet captures as well as live traffic.
- There are multiple years of packet captures saved on this server. A year after being uploaded, they are compressed in gzip format. You can use a tool such as 7zip (Windows) or gunzip (Linux) to extract them.
- There is an NTOP-ng instance during competition, but as of 2018 we haven't figured out how to export the netflow into a format that can be uploaded. *Sorry.*
- **If you find something interesting or cool from our captures please let us know and share! We want to see what people discover from these resources.**
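Before loading a day's worth of chunks into Wireshark or Bro, it helps to confirm that every downloaded file is intact and that the chunks cover the time range without holes. The script below is an added example, not part of the archive's own tooling. It assumes the chunks are classic pcap files (not pcapng), optionally gzip-compressed, and `write_sample` only builds constructed test data.

```python
import gzip, struct

# Classic pcap magic bytes -> (struct byte order, timestamp fraction divisor)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),
          b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9)}

def open_capture(path):
    """Open a capture chunk, transparently handling gzip-compressed files."""
    with open(path, "rb") as probe:
        gz = probe.read(2) == b"\x1f\x8b"
    return gzip.open(path, "rb") if gz else open(path, "rb")

def summarize(path):
    """Stream the file record by record; return packet count and time range."""
    with open_capture(path) as f:
        header = f.read(24)
        if len(header) < 24 or header[:4] not in MAGICS:
            raise ValueError(f"{path}: not a classic pcap file")
        order, div = MAGICS[header[:4]]
        count, first, last, truncated = 0, None, None, False
        while True:
            rec = f.read(16)
            if not rec:
                break
            if len(rec) < 16:          # partial record header: download cut short
                truncated = True
                break
            sec, frac, incl_len, _orig = struct.unpack(order + "IIII", rec)
            if len(f.read(incl_len)) < incl_len:
                truncated = True
                break
            ts = sec + frac / div
            first = ts if first is None else min(first, ts)
            last = ts if last is None else max(last, ts)
            count += 1
    return {"path": path, "packets": count, "first": first,
            "last": last, "truncated": truncated}

def find_gaps(summaries, threshold=60.0):
    """List (prev, next, seconds) where consecutive chunks leave a coverage hole."""
    ordered = sorted((s for s in summaries if s["packets"]), key=lambda s: s["first"])
    return [(a["path"], b["path"], b["first"] - a["last"])
            for a, b in zip(ordered, ordered[1:]) if b["first"] - a["last"] > threshold]

def write_sample(path, timestamps, compress=False):
    """Write a constructed little-endian pcap with 4-byte dummy packets."""
    data = struct.pack("<4sHHiIII", b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, 65535, 1)
    for ts in timestamps:
        data += struct.pack("<IIII", ts, 0, 4, 4) + b"\x00" * 4
    with (gzip.open if compress else open)(path, "wb") as f:
        f.write(data)
```

A chunk reported as `truncated` should be downloaded again before analysis; a gap between chunks usually means a file is missing from the local copy.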
### **Using the Images:**
- Images require VALID Windows license keys to use. All Windows systems should be *sysprep*'d and require a new license key at boot.
- If you find a system that still has a valid license key, please contact us right away! These systems must be license-free to share.
- All virtual machine images were made or set up for final processing in VMware and exported into the OVA format. This is an open format which may be imported using any standard platform including VMware, VirtualBox, or KVM (Proxmox).
- A complete network is known as a Pod, which is the fully contained network used in competition.
- You have to create a virtual network (internal) for each network pod. If you run multiple pods, you must create multiple virtual networks. (*In VMware terms this is known as a vSwitch, in KVM it is known as a bridge interface*)
- Each pod is self-contained. You simply need to import the image and match the network on each VM to the virtual network you created.
- To connect the VMs to the Internet and to you, make sure you have a router. pfSense or VyOS is recommended and easy to configure!
- The special router configuration is not provided; you will have to set up the router VM yourself. It's simple: just create two interfaces and follow the instructions from your preferred router software.
- A topology and default configuration is provided in each folder. It may be a PDF, TXT or other such format. This should help you when setting up and connecting to the Virtual Machines.
- Once each system is booted, you'll be able to login with default credentials.
- Enjoy!
### **How Black Team Builds Images:**
So you want to know how a black team builds systems? Or you want to build your own? Here are a few guidelines.
- Systems are generally built from ideas Black Team members have seen in industry or on Twitter or LinkedIn.
- Common resources include "Web Servers", "Domain Controllers", "File Servers", "DNS Servers", "Application Servers", and "Hypervisors" to name a few.
- You will generally see a balance of systems of Windows, Linux, and ESXi. *Occasionally speciality systems will come into play but that always varies!*
- All systems are "optimized" for reliable operation. All systems are ALWAYS tested before release and are fully usable before being given to the teams.
- Servers get optimized for quickest setup and usability. This means turning off security policies and turning on any additional services that get installed through wizards and other tools. Systems are often set up to listen on all interfaces and allow insecure execution, or have no passwords at any point.
- In addition, each server may sometimes get bonus software "helpfully" installed, like Samba (which makes no sense on a web server) or a mail server acting as an open relay.
- The systems are all configured to have dependencies, like a DNS server connecting to another DNS server and web servers doing forward proxying to other web servers. Or a web server relying on federated (domain) users.
- Customers are added to boxes as well as employees to force students to understand and audit their systems.
- Systems are commonly older, such as 4-year-old Linux releases or Windows Server 2008.
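A first audit pass on an imported pod is to compare what each box is listening on against what its role should expose, which surfaces the "bonus" services and all-interface listeners described above. The script below is an added example, not Black Team tooling. The role baselines in `EXPECTED` are assumptions for illustration, and `SAMPLE` is constructed text in the shape of `ss -tlnH` output.

```python
# Role baselines are assumptions for illustration; derive real ones from the pod topology.
EXPECTED = {"web": {22, 80, 443}, "dns": {22, 53}, "mail": {22, 25, 587}}

def parse_listeners(ss_output):
    """Extract (address, port) pairs from `ss -tlnH` style lines."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            # Drop an interface suffix such as "%lo" from the address
            listeners.add((addr.split("%")[0], int(port)))
    return listeners

def is_loopback(addr):
    return addr.startswith("127.") or addr in ("[::1]", "::1")

def audit(role, ss_output):
    """Return sorted (port, address, verdict) for listeners outside the role baseline."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in EXPECTED[role]:
            continue
        verdict = "local-only" if is_loopback(addr) else "exposed"
        findings.append((port, addr, verdict))
    return sorted(findings)

# Constructed sample: a "web server" that also runs Samba, SMTP and a local database.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 70 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

if __name__ == "__main__":
    for port, addr, verdict in audit("web", SAMPLE):
        print(f"{verdict:10} {addr}:{port}")
```

Services marked `exposed` are candidates for removal or firewalling; `local-only` ones still deserve a look because other boxes in the pod may depend on them.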